HIPAA Security Risk Analysis
The HIPAA Security Risk Analysis, also known as a security risk assessment, is a fundamental process required by the HIPAA Security Rule. Health care providers, payers, clearinghouses and Business Associates are all required to conduct a HIPAA SRA. A limited-scope SRA is also required by the Meaningful Use (Advancing Care Information) program. For Meaningful Use, the SRA is required on an annual basis.
by Gary Pritts | May 14, 2014 | HIPAA
On March 31, the HHS Office for Civil Rights (OCR) finally provided details on what the next phase of its HIPAA audit program will look like. These are outlined in detail in their presentation (slides here) and also in this article written by Adam Greene and Rebecca... Read More
by Gary Pritts | May 12, 2014 | HIPAA
A recent survey by The Identity Theft Resource Center (ITRC) reported that medical identity theft accounted for 43.8 percent of all identity thefts reported in the US last year. The medical/healthcare segment accounted for the largest number of breaches, with other... Read More
by Gary Pritts | May 12, 2014 | HIPAA
Conducting a meaningful use security risk assessment has been a requirement for HIPAA Covered entities since 2005, and now their business associates must also comply. The Meaningful Use program (Stage 1) also includes the requirement: “Conduct or review a... Read More
by Gary Pritts | May 9, 2014 | HIPAA
The recent situation at NY Presbyterian Hospital/Columbia University Medical Center that resulted in the largest-to-date HIPAA settlement of $4.8 Million, highlighted that security leadership wasn’t aware of all of the applications running on their system. Reading... Read More
by Gary Pritts | May 8, 2014 | HIPAA
The largest HIPAA settlement ever, in the amount of $4.8 Million, by two affiliated organizations, NY Presbyterian and Columbia University, sheds light on HHS expectations for HIPAA compliance, at least for a large academic medical center with 24,000 employees. The... Read More
